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REMARKS 

Initially, Applicants note that the remarks and amendments made by this paper are 
consistent with the proposals presented to the Examiner during the telephone call of October 19, 
2007. 

The Office Action, mailed September 19, 2007, considered and rejected claims 1-14 and 
22-44. 1 By this response, claims 1 and 9 have been amended, no claims have been canceled and 
dependent claim 45 has been added such that claims 1-14 and 22-45 remain pending. Of the 
remaining claims, claims 1, 9, 15, 22, 27, and 35 are the only independent claims at issue. 2 

Applicants' claimed invention is generally directed to embodiments for managing 
multiple credentials in a distributed system. The embodiment of claim 1, for example recites a 
method for associating multiple credentials with a single user account such that the user may be 
authenticated with any one of the multiple credentials utilizing a service that is accessed by a 
user from one or more devices with varying input capabilities. In the method, the authentication 
service receives an authentication request from a device that includes credentials of the user with 
the credentials being selected by the user from among a plurality of credentials based at least 
partially on the user's device. The credentials provided by the user are then validated, wherein 
the credentials are associated with a unique single user identifier of the user, a user account, and 
a user profile. The authentication system receives new credentials from the user, wherein the 
new credentials are associated with the same unique user identifier of the user, user account, and 
user profile. The new credentials are stored in a credential store of the authentication system 
such that the authentication system can authenticate the user to the service when the user 
provides any one of the multiple credentials associated with the user account. The authentication 
system provides, in response to the request, the unique user identifier and the user profile to the 
device. 

The remaining independent claims are closely related to independent claim 1 and are 

1 Claims 1, 4-5, 9-11, 27, 30-31, 35-37, 41-44 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Moreh, et al. (US Patent No.: 6,959,336), hereinafter Moreh, and further in view of Sweet, et al. (US Patent 
Publication No.: 2002/0031230 Al), hereinafter Sweet. Claims 7, 14, 33 and 40 were rejected under 35 U.S.C. § 
103(a) as being unpatentable over Moreh and further in view of Sweet and Leah, et al. (US Patent No.: 6,986,039 
Bl), hereinafter Leah. Claims 2-3, 8, 12, 22, 25-26, 28-29, 34 and 38 were rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Moreh and further in view of Sweet and Wood, et al. (US Patent No.: 6,609,198 Bl), 
hereinafter Wood. Claims 13 and 39 were rejected under 35 U.S.C. § 103(a) as being unpatentable over Moreh and 
further in view of Sweet, Laursen and Wood. 
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allowable for the same reasons as discussed below with regard to claim 1 . Claim 27 is directed 
to a method similar to the method of claim 1, but recited from the perspective of the user rather 
than the service. Claims 9 and 35 recite computer program products corresponding to the 
methods of claims 1 and 27 respectively. 

The independent claims were rejected in view of Moreh and Sweet. Moreh discloses a 
federated authentication service technology. In the disclosure of Moreh, a client authenticates a 
subject using a protocol proxy that mediates with an authentication mechanism to obtain a name 
assertion which can then be used to access a server. When multiple authentication mechanisms 
are available, an optional agent and mechanism resolution process are used to resolve one 
suitable mechanism to use. The Office Action cites Sweet as demonstrating credential being 
associated with a single unique user identifier, a user account and a user profile. 

It is noted, however, that the combination of Moreh and Sweet fail to teach or suggest the 
claimed invention for at least failing to disclose all of the limitations contained in the presently 
pending claims. For example, the cited art fails to teach or suggest any embodiment in which a 
user selects a set of credentials to use, and particularly as recited in combination with the other 
recited claim elements. Instead, the cited art either uses a single authentication mechanism or a 
mechanism resolution process that selects a mechanism to use. 

The disclosure of Moreh describes the use of an authentication agent in order to select an 
authentication mechanism to use. However, when using the authentication mechanism, the user 
is not choosing which credentials to send, as required in the claims. Instead, the authentication 
mechanism is responsible for determining exactly one credential to send. While the 
authentication agent is not a necessary part of the invention, any references to it require that the 
agent, rather than the user is selecting the authentication mechanism. This contrasts sharply with 
the current claims, where the user is selecting what credential they would like to send to the 
authentication service. 

An example is given within Moreh where the client sends the name of a particular 
authentication mechanism to the authentication agent, however the authentication agent is still 
responsible for determining the authentication mechanism to use. It is also notable that in each 
of the examples within Moreh, that the determination of a specific authentication mechanism to 
use is being negotiated, not what credential to use. It is not until after the authentication 
mechanism is determined in Moreh that the credentials are actually sent to the authentication 
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mechanism. 

As an alternative to using the authentication agent, Moreh discloses in column 7, 11. 15-29 
a situation where the authentication agent is not used. However, in that situation it is the client 
that chooses the mechanism to use rather than the user. While Moreh does disclose that the 
client and user can be the same, thereby implying the user is making the selection, the only 
described situation is where the subject is non-human. Additionally, in the description of not 
using the Authentication Agent, the client chooses the service based on its interaction with the 
subject, therefore the client and the subject cannot be the same. Finally, the disclosure states 
that when multiple authentication mechanisms are available, the optional agent may be used to 
resolve the mechanisms, suggesting the only time not to use the agent is when only one 
mechanism is available. 

In view of the foregoing, Applicant respectfully submits that the other rejections to the 
claims are now moot and such that any of the remaining rejections and assertions made, 
particularly with respect to all of the dependent claims, do not need to be addressed individually 
at this time. It will be appreciated, however, that this should not be construed as Applicant 
acquiescing to any of the purported teachings or assertions made in the last action regarding the 
cited art or the pending application, including any official notice, and particularly with regard to 
the dependent claims. 3 For example, there are many limitations presented in the dependent 
claims that further distinguish the claims from the cited art, including, but not limited to the 
limitations presented in claims 45 wherein the authentication service validates the credentials 
using the credentials contained in the credential store. In contrast, Moreh sends the credentials to 
the different authentication mechanisms using a protocol proxy. 



3 Instead, Applicant reserves the right to challenge any of the purported teachings or assertions made in the last 
action at any appropriate time in the future, should the need arise. Furthermore, to the extent that the Examiner has 
relied on any Official Notice, explicitly or implicitly, Applicant specifically requests that the Examiner provide 
references supporting any official notice taken. Furthermore, although the prior art status of the cited art is not being 
challenged at this time, Applicant reserves the right to challenge the prior art status of the cited art at any appropriate 
time, should it arise. Accordingly, any arguments and amendments made herein should not be construed as 
acquiescing to any prior art status of the cited art. 
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In the event that the Examiner finds remaining impediment to a prompt allowance of this 
application that may be clarified through a telephone interview, the Examiner is requested to 
contact the undersigned attorney at 801-533-9800. 

Dated this 19 th day of December, 2007. 



Respectfully submitted, 
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Attorneys for Applicant 
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